
CentOS 7.1 방화벽 내리기

category 컴퓨팅/리눅스 유닉스 2018. 6. 27. 21:58

[root@localhost ~]# iptables -L

Chain INPUT (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere

INPUT_direct  all  --  anywhere             anywhere

INPUT_ZONES_SOURCE  all  --  anywhere             anywhere

INPUT_ZONES  all  --  anywhere             anywhere

ACCEPT     icmp --  anywhere             anywhere

REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited


Chain FORWARD (policy ACCEPT)

target     prot opt source               destination

ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED

ACCEPT     all  --  anywhere             anywhere

FORWARD_direct  all  --  anywhere             anywhere

FORWARD_IN_ZONES_SOURCE  all  --  anywhere             anywhere

FORWARD_IN_ZONES  all  --  anywhere             anywhere

FORWARD_OUT_ZONES_SOURCE  all  --  anywhere             anywhere

FORWARD_OUT_ZONES  all  --  anywhere             anywhere

ACCEPT     icmp --  anywhere             anywhere

REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited


Chain OUTPUT (policy ACCEPT)

target     prot opt source               destination

OUTPUT_direct  all  --  anywhere             anywhere


Chain FORWARD_IN_ZONES (1 references)

target     prot opt source               destination

FWDI_public  all  --  anywhere             anywhere            [goto]

FWDI_public  all  --  anywhere             anywhere            [goto]


Chain FORWARD_IN_ZONES_SOURCE (1 references)

target     prot opt source               destination


Chain FORWARD_OUT_ZONES (1 references)

target     prot opt source               destination

FWDO_public  all  --  anywhere             anywhere            [goto]

FWDO_public  all  --  anywhere             anywhere            [goto]


Chain FORWARD_OUT_ZONES_SOURCE (1 references)

target     prot opt source               destination


Chain FORWARD_direct (1 references)

target     prot opt source               destination


Chain FWDI_public (2 references)

target     prot opt source               destination

FWDI_public_log  all  --  anywhere             anywhere

FWDI_public_deny  all  --  anywhere             anywhere

FWDI_public_allow  all  --  anywhere             anywhere


Chain FWDI_public_allow (1 references)

target     prot opt source               destination


Chain FWDI_public_deny (1 references)

target     prot opt source               destination


Chain FWDI_public_log (1 references)

target     prot opt source               destination


Chain FWDO_public (2 references)

target     prot opt source               destination

FWDO_public_log  all  --  anywhere             anywhere

FWDO_public_deny  all  --  anywhere             anywhere

FWDO_public_allow  all  --  anywhere             anywhere


Chain FWDO_public_allow (1 references)

target     prot opt source               destination


Chain FWDO_public_deny (1 references)

target     prot opt source               destination


Chain FWDO_public_log (1 references)

target     prot opt source               destination


Chain INPUT_ZONES (1 references)

target     prot opt source               destination

IN_public  all  --  anywhere             anywhere            [goto]

IN_public  all  --  anywhere             anywhere            [goto]


Chain INPUT_ZONES_SOURCE (1 references)

target     prot opt source               destination


Chain INPUT_direct (1 references)

target     prot opt source               destination


Chain IN_public (2 references)

target     prot opt source               destination

IN_public_log  all  --  anywhere             anywhere

IN_public_deny  all  --  anywhere             anywhere

IN_public_allow  all  --  anywhere             anywhere


Chain IN_public_allow (1 references)

target     prot opt source               destination

ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh ctstate NEW


Chain IN_public_deny (1 references)

target     prot opt source               destination


Chain IN_public_log (1 references)

target     prot opt source               destination


Chain OUTPUT_direct (1 references)

target     prot opt source               destination


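CentOS 7부터 바뀐 듯하다. iptables를 대체하는 firewalld가 나왔다. 다만 firewalld도 내부적으로는 iptables 규칙을 만들어 관리하므로, 위 `iptables -L` 출력에 보이는 IN_public, FWDI_public 같은 체인은 firewalld가 생성한 것이다. 서비스를 제어하는 부분도 바뀌었다. chkconfig로는 일부 서비스만 출력된다. 시스템적인 것 외에 등록된 것들이 출력되는 것 같다. 그 외의 것들은 systemctl 명령어를 사용해야 한다.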


[root@localhost init.d]# systemctl list-unit-files | grep firewalld

firewalld.service                           enabled


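firewalld 데몬을 정지하고 비활성화한다. 이렇게 하면 위 출력에서 ssh만 허용하고 나머지를 REJECT하던 규칙이 모두 사라져, 서버에서 리스닝 중인 모든 포트가 네트워크에 그대로 노출되며, disable까지 했으므로 재부팅 후에도 이 상태가 유지된다. 격리된 테스트 환경이 아니라면 방화벽을 내리는 대신 `firewall-cmd --permanent --add-service=<서비스명>` 또는 `firewall-cmd --permanent --add-port=<포트>/tcp`로 필요한 포트만 열고 `firewall-cmd --reload`로 적용하는 편이 안전하다.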


[root@localhost init.d]# systemctl stop firewalld

[root@localhost init.d]# systemctl disable firewalld

Removed symlink /etc/systemd/system/dbus-org.fedoraproject.FirewallD1.service.

Removed symlink /etc/systemd/system/basic.target.wants/firewalld.service.

[root@localhost init.d]# systemctl list-unit-files | grep firewalld

firewalld.service                           disabled